Tag Archives: Data Protection

In April 2019 the Commons Digital, Culture, Media and Sport select committee established a sub-committee to continue its inquiry into disinformation and data privacy in the digital age. Michela Paleseconsiders the motivations underlying the establishment of this sub-committee, its stated priorities, and how it can help confront the challenges and threats to our democratic processes arising from online campaigning.

Last month the Digital, Culture, Media and Sport (DCMS) select committee launched a new Sub-Committee on Disinformation. Its task is to become ‘Parliament’s institutional home’ for matters concerning disinformation and data privacy; a focal point that will bring together those seeking to scrutinise and examine threats to democracy.’

The new sub-committee promises to offer an ongoing channel through which to gather evidence on disinformation and online political campaigning, and to highlight the urgent need for government, parliament, tech companies and others to take action so as to protect the integrity of our political system from online threats.

Damian Collins, chair of the DCMS committee, explained that the sub-committee was created because of:

‘concerns about the spread of disinformation and the pivotal role that social media plays. Disinformation is a growing issue for democracy and society, and robust public policy responses are needed to tackle it at source, as well as through the channels through which it is shared. We need to look principally at the responsibilities of big technology companies to act more effectively against the dissemination of disinformation, to provide more tools for their users to help them identify untrustworthy sources of information, and to provide greater transparency about who is promoting that content.’

The sub-committee follows up on the significant work conducted as part of the DCMS committee’s long-running inquiry into Disinformation and ‘Fake News’, whose final report was published in February 2019.

This inquiry ran for 18 months, held 23 oral evidence sessions, and took evidence from 73 witnesses: its final report contained a series of important conclusions and recommendations.

Among these, the report called on the government to look at how UK law should define ‘digital campaigning’ and ‘online political advertising’, and to acknowledge the role and influence of unpaid campaigns and Facebook groups both outside and during regulated campaign periods. It also advocated the creation of a code of practice around the political use of personal data, which would offer transparency about how people’s data are being collected and used, and about what messages users are being targeted with and by whom. It would also mean that political parties would have to take greater responsibility with regards to the use of personal data for political purposes, and ensure compliance with data protection and user consent legislation.Continue reading →

Non-technologists may have noticed that ‘big data’ is the most recent addition to our ever-expanding lexicon of webtwopointwhateverspeak.

Big data refers to datasets that are beyond the means of ordinary software and processing power to analyse, owing to their sheer scale and complexity. An obvious example is Facebook; the London Data Store is another.

Commercial organisations have been collecting vast amounts of data for years; Anyone that has regularly used Gmail, a supermarket loyalty card, or shopped at Amazon, will have at least an inkling of how an organisation can i) collect data and ii) use it to target them with personalised actions.

What is new, is that in many instances the supply of data that companies and government now collect or access vastly overshadows their own ability to actually process it into useful information. It’s not only computer-processing power that is lacking; a recent report by Deloitte points to a massive shortage in skilled labour. These are however short-term barriers that will be overcome by the larger organisations, either by outsourcing data analysis to countries with a surplus of quant talent, or by simply importing that skilled labour directly.

Traditional critics of data collection have made their arguments on the grounds of individual privacy. However the era of ‘big data’ has other, potentially more sinister implications. Writing recently for The Atlantic, Alexander Furnas of the Oxford Internet Institute believes we have yet to fully appreciate the macro-implications of the information age:

“Rather than caring about what they know about me, we should care about what they know about us. Detailed knowledge of individuals and their behavior coupled with the aggregate data on human behavior now available at unprecedented scale grants incredible power. Knowing about all of us – how we behave, how our behavior has changed over time, under what conditions our behavior is subject to change, and what factors are likely to impact our decision-making under various conditions – provides a roadmap for designing persuasive technologies.”

Taken in conjunction with the popularity of behavioural economics within policy-making circles (consider the UK government’s “Nudge Unit” as a case in point) the potential applications of ‘big data’ for public policy are considerable, and deserve closer scrutiny.

Hugo Campos has an Implantable Cardioverter Defibrillator (ICD) attached to his heart. He suffers from a relatively common heart condition and needs the ICD to facilitate electric therapy in the event of irregular heart activity.

The same device also streams a great deal of complex information back to its manufacturer, information that the implantee is unable to access directly. Even though the ICD is implanted into his own chest and regularly transmits data about him out of it, Hugo has to rely solely on his doctor, who actually doesn’t have access to the complete real-time “raw data” either, instead an interpreted dataset from the manufacturer.

In response, he disabled the transmission entirely and by his own admission is now risking his health to make a political statement: “I will not be monitored remotely if I am not made part of this data loop.”

The information age has transformed our expectations. In years gone by we would trust our physicians to know best; we had little choice. Today, Hugo Campos represents a growing e-patient movement who want to break away from the total dependency inherent within the traditional doctor-patient relationship.

Of course, in order to be denied access to data, the data has to be there in the first place. Globally – nobody has precise figures – it’s fair to say that many people with high-risk hypertrophic cardiomyopathy cannot access, let alone afford an ICD, or are simply not diagnosed in time.

Nevertheless, it’s hard to shake the feeling that Mr Campos has a point.

As recently remarked on over at the Bits blog, tech companies like Facebook are increasingly fond of making the “economy versus privacy” argument. It goes something like this: Because they create jobs and generate growth in an otherwise bleak landscape of rising unemployment and negative growth, it would be foolish to burden innovative technology firms with privacy laws that could jeopardise these rare economic boons. Facebook has commissioned a study to this end, suggesting the company brings £2.2 billion to UK PLC and supports a further 35,200 jobs in sectors that are dependent on the popular social networking site. Their CEO Sheryl Sandberg recently commented “we want to make sure we have the right regulatory environment — a regulatory environment that promotes innovation and economic growth.” Mark Zuckerberg has in the past also not shied away from expressing his belief that privacy is no longer a social norm.

Today, the European Commission formally proposed amendments to the 1995 Protection of Personal Data Directive. These proposals include a “right to be forgotten” clause, allowing people to delete their personal information from a website if there is no legitimate basis for the company to retain it. Facebook claims however that far from wanting to delete their personal data, most Facebook users prefer having their details retained indefinitely. According to Richard Allan, Facebook’s Director of European Policy, “they want us to give them a guarantee that data will remain available in ten or 15 years’ time so they have a record of how things changed over time.” The UK Information Commissioner’s Office (ICO) also appears sceptical of an ‘rtbf’ clause, fearing that it could “mislead individuals and falsely raise their expectations, and be impossible to implement and enforce in practice.”

Sandberg, Zuckerberg and Allan frame the privacy debate as progress and economic prosperity versus anachronism and bureaucracy. As these amendments are debated over the coming months, we will get some measure of exactly just how anachronistic privacy really is to Europeans.

Following recent revelations made by The Mirror, Oliver Letwin has undoubtedly been forced to adopt a more conventional filing system. On approximately five separate occasions throughout September and early October the Prime Minister’s policy advisor (and MP for West Dorset) was seen discarding handfuls of paper work into public bins close to Downing Street. Whilst the various correspondences and documents were clearly considered to be redundant or unimportant by the MP, for The Mirror they were journalistic gold, and were therefore retrieved from amidst empty Coke cans and used train tickets. Totalling in excess of 100 sheets, the papers allegedly relate to a diverse array of individuals (including the Dalai Lama, Philip Green, Tony Blair and Letwin’s own constituents) and topics (from “The Big society” to al-Qaeda and British security).

There is no doubting that Oliver Letwin’s actions went against protocol, eliciting an apology from the MP and described as “not a sensible way to dispose of documents” by a No.10 spokeswoman. Indeed whilst the Cabinet Secretary, Gus O’Donnell, has stated he is satisfied that none of the papers in question were of a classified or sensitive nature, the Information Commissioner’s Office is, nonetheless, investigating the case to deduce whether or not Letwin’s actions were in breach of Data Protection Laws.

“Bin-gate” was not however the only (potential) breach of data protection to have been discovered in the past few weeks, though it certainly received the most national media attention. A housing group based in Dorset (Letwin’s neck of the woods) was found to have emailed the personal details of 200 employees to the wrong external email address clearly breaching data protection. Furthermore in Scotland, the Dumfries and Galloway council accidentally published the names, salaries and dates of birth of almost 900 employees (past and present) in response to an FOI request. The information could be viewed on the council’s website for over two months and was only removed following complaints from a trade union and numerous individuals mentioned in the data. This accident broke the fundamental principles of data protection, intruding on the privacy of affected individuals and exposing them to identity fraudsters. It is telling (yet by no means surprising) that Oliver Letwin’s blunder has received so much more media attention, despite the fact that the severity of his actions is as yet unknown and potentially minimal.

Whilst the nature and consequences of these three cases differ, one common variable is present in all: human error. Through misjudgement and mistakes the most basic principles of data protection fail to be upheld. All too often we see politicians carrying confidential papers in transparent folders or hear of memory sticks holding volumes of important information being left on trains. Incidents like these would not look out of place in an episode of “The Thick Of It”. Fundamentally, Data Protection Laws are only as robust as the integrity of those entrusted to maintain and abide by them.

The Information Commissioner has recently called for the ICO to be given more powers to carry out compulsory data protection audits on local government, the NHS and the private sector, all of which have breached data protection repeatedly. Speaking at the 10th annual data protection compliance conference, Christopher Graham stressed how important it is to ensure that those handling data concerning members of the general public are acting within the rules. It will be interesting to see both whether his appeal is acted upon but also whether increased auditing can help identify or even minimize human errors which, given its nature, are particularly damaging to data protection.

They waited nearly three years for boxes of what promised to be controversial and entertaining news fodder, straight from the fingertips of the U.S. vice-presidential candidate.

“Editors, bloggers and producers were doubtless rubbing their hands in glee on the expectation that the unfiltered thoughts of Sarah Palin as expressed in her email messages would be at least as idiotic as some of the unfiltered statements that come out of Sarah Palin’s mouth when she’s in front of a camera,” wrote L.A. Times’ Dan Turner.

What they got instead is a 24,000 pageload of mundane messages. No new revelations, not even material for a laugh.

The e-mails – or at least the ones the media has managed to sift through — are so boring it makes one wonder whether Sarah Palin, conscious that the messages could potentially be perused by the public, wrote them accordingly: free of gaffes, uninformed statements and controversy. (The Guardian has asked the public to help them sift through the e-mails)

She wouldn’t be the first politician to do so.

Some researchers claim the Freedom of Information Act – which the U.S. has had more than 40 years of getting used to – has had a “chilling effect” on politicians in Sweden and Canada. Sanitising records or making important or controversial decisions in unrecorded oral discussions may be a logical result of politicians and staff being conscious of potential public scrutiny (a study by the Constitution Unit, showed UK politicians would rather keep good records than face any negative consequences, however.)

Palin is often ridiculed for lacking media saavy and being a teleprompter addict – but she may have just outsmarted us all.

The disclosure on Friday and Monday by the state of Alaska contains e-mails from her Yahoo account, as well as the state-related e-mail from her staff’s personal and work accounts.

Until now, the documents consist of correspondence with aides, nice words for then-presidential candidate Barack Obama, e-mails showing annoyance about certain press coverage and a picture of Palin and her husband with an Elvis impersonator.

The e-mails spanning Palin’s first two years as governor were requested during the 2008 national elections, when she was Senator John McCain’s running mate, by citizens and news organisations such as the Associated Press. By now, her aspirations are one step further up the ladder as she toys with the prospect of being president.

Almost 2,300 pages were held back due to data protection issues, however.

“Who knows what juicy tidbits we might have found had the rest been available?” Turner wrote.

It may be that the good stuff was simply redacted or withheld. It may be that a golden nugget is hidden under the crease of a photocopied e-mail printout. Maybe Palin is simply not as interesting as people seem to think — or she just knows how to avoid FOI.

The Constitution Unit in the Department of Political Science at University College London is the UK’s leading research body on constitutional change.

This blog features regular posts from academics and practitioners covering a wide range of constitutional issues in the UK and overseas. You can navigate by theme and contributor using the menus at the top of this page, and subscribe to receive new posts to your inbox below.

Follow blog via e-mail

Enter your e-mail address to follow this blog and receive notifications of new posts by e-mail.

Join 1,870 other followers

Unit Mailing List: Sign up to receive notifications of of our events, newsletter and publications